Bug 12494
Summary: | /var/spool/mail should be 1777 -- Dupes 10678 | ||
---|---|---|---|
Product: | [Retired] Red Hat Linux | Reporter: | R P Herrold <herrold> |
Component: | imap | Assignee: | Cristian Gafton <gafton> |
Status: | CLOSED NOTABUG | QA Contact: | |
Severity: | medium | Docs Contact: | |
Priority: | medium | ||
Version: | 6.2 | ||
Target Milestone: | --- | ||
Target Release: | --- | ||
Hardware: | i386 | ||
OS: | Linux | ||
Whiteboard: | |||
Fixed In Version: | Doc Type: | Bug Fix | |
Doc Text: | Story Points: | --- | |
Clone Of: | Environment: | ||
Last Closed: | 2000-06-19 00:54:58 UTC | Type: | --- |
Regression: | --- | Mount Type: | --- |
Documentation: | --- | CRM: | |
Verified Versions: | Category: | --- | |
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
Cloudforms Team: | --- | Target Upstream Version: | |
Embargoed: |
Description
R P Herrold
2000-06-19 00:54:57 UTC
1777 mail spool directory allows all sorts of unpleasant disk filling attacks, people making symlinks into the mail spool and worse. Most mail applications are not hardened against that kind of abuse. Sure - there should be an sgid external mail-lock helper. I've been trying to beat this into certain mail package authors for 3 or 4 years. But there isnt and your cure is worse than the disease, far far worse than the disease *** Bug 21126 has been marked as a duplicate of this bug. *** *** Bug 21126 has been marked as a duplicate of this bug. *** |